Educause Security Discussion mailing list archives

Re: auditing courses


From: Keith Schoenefeld <schoenk () ILLINOIS EDU>
Date: Thu, 28 May 2009 12:35:12 -0500


This isn't an answer to the question you asked, but I can't resist
commenting.

If possible in your organization, I'd recommend that you (as an
Information Technology Security Engineer) stay as far away from auditing
as possible.  In my opinion, security engineers and officers should
not be auditors.  It's Security's job to ensure that appropriate risk
mitigation strategies are put in place when system guidelines and/or
requirements are created, and an auditor's job to take those guidelines
and requirements and examine whether a computer or set of computers
adheres to those guidelines.  We, as security engineers, analysts, and
officers, spend way too much time trying to be the officer, the
prosecutor, and the judge.

-- KS

Youngquist, Jason R. wrote:
It's budget time, and I'm looking for an auditing course to take.  I'd
like to be able to audit various departments within our organization to
make sure information is being properly protected.  I've looked at SANS
Audit 410, but does anyone else have any recommendations for other
auditing courses to take?

Thanks.

Jason Youngquist
Information Technology Security Engineer, Security+
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO  65216
(573) 875-7334
jryoungquist () ccis edu
http://www.ccis.edu









--
Keith Schoenefeld
Network Security Officer
Office of Privacy and Information Assurance
University of Illinois
(217) 333-4332
